Skip Navigation

Configure the
BlackBerry Secure Gateway
to use OAuth with supported TLS versions and ciphers

You can configure the
BlackBerry Secure Gateway
to use OAuth for modern authentication. To use OAuth, you need to specify the mail server URL from the email profile, and the URL to retrieve the identity provider discovery document. For more information on the discovery document, see the Microsoft documentation.
You can also specify the TLS version and
Microsoft Exchange
SSL ciphers that the
BlackBerry Secure Gateway
uses for connections to
Exchange ActiveSync
. You may need to update this list according to the security requirements of your
Exchange ActiveSync
  1. In the management console, on the menu bar, click
    Settings > External Integration > BlackBerry Secure Gateway
  2. To add or remove a TLS version or SSL cipher, click The Add icon in the appropriate table.
  3. Click the TLS version or cipher that you want to add or remove from the
  4. Click the arrow to move the item to the desired list.
  5. Click
  6. To use modern authentication, select
    Enable OAuth for mail server authentication
  7. In the
    Discovery endpoint
    field, type the URL that the
    BlackBerry Secure Gateway
    uses to retrieve and cache the identity provider discovery document.
    • Format:
      identity provider
    • Example:
    • Example:
    BlackBerry Secure Gateway
    retrieves both the unversioned and v2.0 discovery documents and periodically refreshes the cached documents.
  8. In the
    Mail server resource
    field, type the URL for the mail server specified in the email profile, starting with "https://" (for example.
  9. Click